Report mapping government databases released

8 April 2009

A number of central databases holding information on various aspects of life including health have been built by the government in recent years. Recently there have been some concerns about these databases following the loss of data from Her Majesty’s Revenues and Customs (HMRC) and the European Court of Human Rights ruling that the UK National DNA Database was in breach of human rights law (see previous news). As a result, the Joseph Rowntree Reform Trust commissioned the Foundation for Information and Policy Research (FIPR) to carry out an in-depth study of public sector databases resulting in the publication of a report charting these databases (reported by the Guardian).

The scope of the report - Database State included systems that will at some time or another, hold identifiable personal information on a significant minority of citizens, including existing systems as well as those which have not been built yet such as the National Identity Registry. In all, the report assessed 46 databases across major government departments and described their purpose, methods by which they share data and the potential risks they pose. The databases were given an overall ranking (green, amber or red) following an assessment of aspects such as impact on privacy, utility and effectiveness. In addition, the report makes policy recommendations as to how data should be held, managed and collected by the government.

Nine databases were assessed within the Department of Health. Of these, seven were coded as amber signifying that they demonstrated “significant, worrying failings, and may fall foul of a legal challenge” and two as red suggesting that they do not conform to EU human rights or data protection laws. The Secondary Uses Service (SUS) processes patient identifiable data from a variety of sources, for the primary purpose of administration and in order to support secondary uses such as medical research. This service was assessed as 'red' on the basis that there is no provision for individuals to exert a right of opt-out. The Detailed Care Record aims to electronically link together information from GPs, hospitals and clinics, and was also assessed as ‘red’. This was because the system lacked a curator who would maintain and be responsible for the quality of the data, and it was felt that this would result in rapid deterioration of the records held in the system. In addition, the authors felt that increasing the number and types of users to whom information would be made available under the proposed scheme was likely to compromise privacy as well as precluding more detailed consideration of the context for the proposed information sharing.

As part of their recommendations, the authors suggest that systems coded as amber should be independently reviewed and changes made such as giving individuals the right to opt-out and those coded red should be scrapped or substantially redesigned. The report also recommends that government should compel the provision or sharing of sensitive personal data only for strictly defined purposes, and in almost all cases, sensitive data should be kept on local rather than national systems. In addition, it suggests that more effective IT systems could be built by subjecting new database systems to greater public scrutiny and openness and recruitment of civil servants able to manage complex systems.

Comment: The report is predicated upon a presumption that public interests in privacy and confidentiality outweigh other public interests such as having a sound understanding of health and disease through epidemiological or secondary medical research. The legal requirement for interventions to be 'necessary and proportionate' arguably allows such tradeoffs to be accounted for and reports from other groups have shown that a universal requirement for consent may result in vulnerable groups being unrepresented or produce biased research. It is also arguable that that the central tenet of this report is misguided in that it does not seek to take account of national law. The UK Data Protection Act provides for a more inclusive interpretation of medical purposes than the EU Data Processing Directive, thus establishing a statutory basis for sharing identifiable medical data for the purpose of medical research. Member states are permitted to derogate from the principles set out in European law, although the extent to which UK data protection law could and should lawfully derogate from European law continues to be a source of academic debate.